I don’t know about you, but my fingers get tired of escaping output by typing the long-winded htmlspecialchars($str, ENT_QUOTES, 'UTF-8'); over and over again in small PHP projects that don’t need a full-blown framework with automatic output filtering (e.g. CodeIgniter). No matter how small your project is, though, filtering your output is extremely important so that you prevent malicious users from injecting JavaScript through XSS (Cross-Site Scripting).

So I decided to give my fingers some relief and finally write a short little helper function and share it. See the code and example in the gist below.
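Since the gist itself is not reproduced on this page, here is an added helper of my own in the same spirit (not the author's code). It assumes PHP 5.4 or later and, beyond a bare wrapper, also walks arrays and substitutes invalid UTF-8 instead of returning an empty string:

```php
<?php
// Added example (not the author's gist): a short escaping helper for PHP
// templates. Assumes PHP >= 5.4 for ENT_SUBSTITUTE and the short array syntax.

/**
 * Escape a value for insertion into HTML text or a quoted attribute.
 * ENT_QUOTES also encodes single quotes, so it is safe inside 'attr' as well
 * as "attr"; ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of
 * returning an empty string, which would otherwise silently drop output.
 * Arrays are escaped recursively so a whole view-model can be passed through.
 */
function h($value)
{
    if (is_array($value)) {
        return array_map('h', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a typical XSS probe and an attribute-breaking value.
$samples = [
    'comment' => '<script>alert(1)</script>',
    'title'   => "\" onmouseover=\"alert(1)",
    'name'    => "O'Reilly",
];

$escaped = h($samples);

// Angle brackets and both quote characters are now entities, so the browser
// renders them as text instead of parsing them as markup.
assert($escaped['comment'] === '&lt;script&gt;alert(1)&lt;/script&gt;');
assert($escaped['title']   === '&quot; onmouseover=&quot;alert(1)');
assert($escaped['name']    === 'O&#039;Reilly');

// Typical use inside a template: short enough to type everywhere.
?>
<p title="<?= h($samples['title']) ?>"><?= h($samples['comment']) ?></p>
```

This covers HTML text and quoted attribute values only; data placed inside a script block, a URL, or CSS needs an encoder for that context, which htmlspecialchars does not provide.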

In various projects in the past I’ve had to revisit the topic of data encryption and decryption and the best way to accomplish it. In the interest of developing in the simplest, most efficient, and most secure way I have chosen the MCrypt PHP library (built into PHP since v4.0.2), the Rijndael-256 cipher, and the Cipher Block Chaining (CBC) mode.

Previously I used the Electronic Codebook (ECB) mode, but have learned that it is far less secure than CBC because it produces the same ciphertext every time for the same source data: identical plaintext blocks encrypt to identical ciphertext blocks, which leaks patterns in the data. CBC, on the other hand, when started with a fresh random initialization vector (IV) for each message, produces different ciphertext every time even for the same source data.